tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

api: namespace list: fix restrictive priv checking

Browse Source 
This endpoint only lists all accessible namespace, and one doesn't
necessarily needs to have permissions on the parent itself just to
have OK ACLs on deeper down NS.

So, drop the upfront check on parent but explicitly avoid leaking if
a NS exists or not, i.e., only do so if they got access on the parent
NS.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
2022-05-27 11:13:43 +02:00
parent 49d604aec1
commit 2393943fbb
2 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backup/hierarchy.rs
View File

@ -142,7 +142,7 @@ impl<'a> ListAccessibleBackupGroups<'a> {
}
}
static NS_PRIVS_OK: u64 =
pub static NS_PRIVS_OK: u64 =
PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP | PRIV_DATASTORE_AUDIT;
impl<'a> Iterator for ListAccessibleBackupGroups<'a> {